Background
Last month, a cybersecurity firm discovered that this malware can now steal 2FA codes from Google Authenticator app and doing a simple technique by screenshotting the Authenticator app's interface.
Android banking trojan namely "Cerberus" malware has the capability to steal One-Time Password (OTP) generated through Google Authenticator app that's used as 2FA for many online accounts.
Impact
• Possible loss of sensitive information especially your bank account credentials
Recommendations
• Use and install anti-virus software.
• Adding "FLAG_SECURE" option inside the app's configuration as Flag prevents other apps to take screenshot of the codes
• Make sure to update all software applications
• Apply appropriate patches and updates immediately.
• Good cyber hygiene and safe practices.